1669 matches found
CVE-2005-0711
MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, uses predictable file names when creating temporary tables, which allows local users with CREATE TEMPORARY TABLE privileges to overwrite arbitrary files via a symlink attack...
CVE-2005-0710
MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to bypass library path restrictions and execute arbitrary libraries by using INSERT INTO to modify the mysql.func table, which is processed by the udfinit function...
MySQL 4.x - CREATE FUNCTION mysql.func Table Arbitrary Library Injection
MySQL 4.x - CREATE FUNCTION mysql.func Table Arbitrary Library Injection source: https://www.securityfocus.com/bid/12781/info MySQL is reported prone to multiple vulnerabilities that can be exploited by a remote authenticated attacker. The following individual issues are reported: - Insecure...
[VulnWatch] Mysql insecure temporary file creation with CREATE TEMPORARY TABLE privilege escalation
Mysql insecure temporary file creation with CREATE TEMPORARY TABLE privilege escalation Author: Stefano Di Paola Vulnerable: Mysql = 4.0.23, 4.1.10 Type of Vulnerability: Local insecure temporary file creation Tested On : Mandrake 10.1 /Debian Sarge Vendor Status: Notified on March, 2nd 2005 --...
[VulnWatch] Mysql CREATE FUNCTION libc arbitrary code execution.
Mysql CREATE FUNCTION libc arbitrary code execution. Author: Stefano Di Paola Vulnerable: Mysql = 4.0.23, 4.1.10 Type of Vulnerability: Local/Remote - input validation Tested On : Mandrake 10.1 /Debian Sarge Vendor Status: Notified on March 2005 -- Description If an authenticated user has INSERT...
GLSA-200501-33 : MySQL: Insecure temporary file creation
The remote host is affected by the vulnerability described in GLSA-200501-33 MySQL: Insecure temporary file creation Javier Fernandez-Sanguino Pena from the Debian Security Audit Project discovered that the 'mysqlaccess' script creates temporary files in world-writeable directories with predictab...
Mandrake Linux Security Advisory : MySQL (MDKSA-2005:036)
A temporary file vulnerability in the mysqlaccess script in MySQL was discovered by Javier Fernandez-Sanguino Pena. This flaw could allow an unprivileged user to let root overwrite arbitrary files via a symlink attack. It could also be used to view the contents of a temporary file which could...
CVE-2004-0957
Unknown vulnerability in MySQL 3.23.58 and earlier, when a local user has privileges for a database whose name includes a "" underscore, grants privileges to other databases that have similar names, which can allow the user to conduct unauthorized activities...
r57lite211.txt
!/usr/bin/perl use LWP::UserAgent; LiteForum 2.1.1 http://www.softtime.ru sql injection exploit work on all mysql versions by 1dt.w0lf RusH security team http://rst.void.ru --------------------------------------- greets 2: ghc www.ghc.ru Gh0st Security Team http://gst.void.ru heya Ch0ke7 and off...
Debian DSA-647-1 : mysql - insecure temporary files
Javier Fernandez-Sanguino Pena from the Debian Security Audit Project discovered a temporary file vulnerability in the mysqlaccess script of MySQL that could allow an unprivileged user to let root overwrite arbitrary files via a symlink attack and could also could unveil the contents of a tempora...
CVE-2004-0956
MySQL before 4.0.20 allows remote attackers to cause a denial of service application crash via a MATCH AGAINST query with an opening double quote but no closing double quote...
CVE-2004-0956
MySQL before 4.0.20 allows remote attackers to cause a denial of service application crash via a MATCH AGAINST query with an opening double quote but no closing double quote...
CVE-2004-0931
MySQL MaxDB before 7.5.00.18 allows remote attackers to cause a denial of service crash via an HTTP request to webdbm with high ASCII values in the Server field, which triggers an assert error in the IsAscii7 function...
CVE-2004-0628
Stack-based buffer overflow in MySQL 4.1.x before 4.1.3, and 5.0, allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a long scramble string...
CVE-2004-0627
The checkscramble323 function in MySQL 4.1.x before 4.1.3, and 5.0, allows remote attackers to bypass authentication via a zero-length scrambled string...
CVE-2004-0956
MySQL before 4.0.20 allows remote attackers to cause a denial of service application crash via a MATCH AGAINST query with an opening double quote but no closing double quote...
CVE-2004-0836
Buffer overflow in the mysqlrealconnect function in MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows remote DNS servers to cause a denial of service and possibly execute arbitrary code via a DNS response with a large address length hlength...
CVE-2004-0837
MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows attackers to cause a denial of service crash or hang via multiple threads that simultaneously alter MERGE table UNIONs...
CVE-2004-0836
Buffer overflow in the mysqlrealconnect function in MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows remote DNS servers to cause a denial of service and possibly execute arbitrary code via a DNS response with a large address length hlength...
Oracle MySQL < 4.0.21 Remote FULLTEXT Search DoS
Binary data 2369.prm...